Original poster | Posted on 2006-5-5 16:59
Logfile of HijackThis v1.99.1
Scan saved at 16:55:24, on 2006-5-6
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Common Files\Virtual Token\vtserver.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\WINDOWS\system32\CTFMON.EXE
C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\SHIXIN~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [ControlCenter] "C:\Program Files\IBM fingerprint software\ctlcntr.exe" /startup
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O11 - Options group: [JAVA_IBM] Java (IBM)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: psfus - C:\Program Files\IBM fingerprint software\psfus.dll
O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: IBM HDD APS Logging Service (TPHDEXLGSVC) - IBM Corporation - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Protector Suite Virtual Token (vtserver) - UPEK Inc. - C:\Program Files\Common Files\Virtual Token\vtserver.exe